Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH.
Rowhammer refers to a technique that computer security researchers began to explore around 2014: "hammering" RAM chips with a series of rapid write operations. This process abuses the electronics enough to flip stored bits, potentially introducing errors that can be exploited for further gain.
Memory specifications introduced in 2014 added optional support for a mitigation called Target Row Refresh (TRR), a DRAM command available to memory controllers to refresh memory cell rows adjacent to particularly active areas as a way to prevent corruption.
But computer scientists from VU, ETH, and Qualcomm last year described a way to defeat TRR locally in a paper titled "TRRespass: Exploiting the Many Sides of Target Row Refresh."
It's Hammer Time!
Their SMASH attack can slowly but arbitrarily read and write memory in Firefox (v. 81.0.1) on an updated Ubun ..